Skip links

Protect your Small to Medium-sized Business with the Right Tools

Welcome to Cyber Security Month where the focus this week is on what we know best: helping small to medium-sized businesses (SMBs) increase their security awareness and overall security. Our mobile device management solution, Sky Work, will come into play, but it is not the only thing you need to protect yourself, your employees, your business, or your customers. Those pretty important people, right? Let’s protect them!

This article will tackle the issue of small business security by looking at securing:

  • People
  • Networks
  • Hardware

Each one requires different approaches, and each one builds on the other. You can’t do one and expect it to handle the other two issues, you need a holistic approach to security and this article will teach you.

People: protect your SMB with education

Absolutely no tool invented can make you safe if your employees don’t use it, know how to use it, or don’t see the importance of always using it. We call this a “problem between the keyboard and the chair”, and only education can solve this problem.

An effective and ongoing cyber security education plan is essential, just as any other loss prevention or workplace safety strategy. This includes basic documentation of your cyber security plan, such as those found in the SBA’s Cybersecurity portal.

There are fun ways to do this, such as this game from Elevate Security:

Breaking away from lectures and handouts, and doing something active, helps instill a sense of responsibility into each employee. They need to know they have to make responsible choices with their:

  • Use of strong and diverse passwords
  • Clicking on emails, links, and downloads which could be scams
  • Giving away of data to the wrong people
  • Use of multi-factor authentication (2FA) on services which allow it
  • Backing up of data securely in case devices are stolen or subjected to ransomware
  • Authorization of software updates from trusted sources

If employees feel these things are only IT’s job, they’re wrong. It is everyone’s job to be responsible for their actions online. If they refuse to adapt and do not listen to training ask yourself if this employee is more valuable than the security of everyone else you work and do business with. Many companies make repeatedly not following security policies a dismissible offence—and for regulated industries poor security policies can have serious implications for the company.

Is your employee base larger and getting everyone together is hard? Try including videos in every company newsletter or email blast. They don’t have to be boring, even a video like this can help keep security top-of-mind:

Curate a variety of videos for distribution over several months. Sharing YouTube videos is a minimal time investment for you, but high-value for your employees. They will like being told to watch YouTube at work for once!

Making cyber security social

Other ideas that play to having more fun rather than having more work? Display tweets from thought leaders in the cyber security industry. Here are a few I respect, and a broader list of experts here:

There are many more ways to communicate cyber security training information in ways that are a bit more dynamic and exciting.

Networks: firewalls, VPNs, and anti-virus for your business

Your first step in actual digital security tactics is having a firewall set up on your company network. The goal of a firewall is to block unauthorized access to your network. There are three important considerations here:

  1. Installing firewall software on every computer
  2. Using hardware firewalls on every connection point
  3. Setting up software firewalls on the computers of remote employees

Hardware firewalls on all access points is usually where most companies end their firewall practices. The strategy of using firewalls on each computer, and for remote workers, is instead of having one gatekeeper controlling access and defending people, everyone knows deadly styles of kung fu and can protect themselves.

VPN use for your business

VPNs were invented for remote workers to have encrypted access to work networks. Their greatest benefit is how they encrypt traffic on networks the people can’t control—such as a coffee shop, restaurant, airport, or other public WiFi—so traffic cannot be intercepted and read by attackers.

The VPN industry is full of marketing about how great their product is, I know this well because I used to review VPNs for a living, so be sure to read several reviews before buying one. PC Mag is always a good place to start for anything techie. Tom’s Guide is also a good resource to check as well.

VPNs are essential for remote workers. No one wants to have their data stolen at the local coffee shop they like to work from. Hackers target locations like coffee shops in the hopes of getting data from specific employees they have tracked as visiting there.

Antivirus software

There is no getting around the fact that a little bit of antivirus software—even the free varieties—can do a lot to protect your business from malware which can:

  • Steal personal data from machines
  • Capture anything typed into a keyboard with a keylogger
  • Turn your whole network into a “bot” which can send out spam and DDoS attacks
  • Cause random windows to pop up on machines which lead to more malware
  • Include ransomware which demands money to release files stolen with encryption

Yes, many computers come with antivirus software on them already. Windows has Windows Defender, and Macs are well known for their Gatekeeper security. Settling for what is included simply isn’t enough for a business. Your customers don’t expect that ‘good enough’ is good enough for them. Investing in commercial antivirus software is crucial for all businesses.

Hardware: use mobile device management

Now that you have secured your people and your network it is time to secure your devices. All too often someone takes their machine home with them, but it gets lost or stolen along the way.

A mobile device management system (MDM) will allow you to:

  • Locate: See where the device is physically located. This allows you to get the device if it is in a known-to-be-secure area.
  • Lock: If the device is close you can go get it, but if the device is a little further away and still in a secure area it can be locked.
  • Delete: For those times when a device appears to have been stolen an MDM will allow you to delete all data on the device. For those times when a device is BYOD, only the work data can be wiped as well if the owner thinks they can still recover the device.

One of the most common hacks is simply stealing a device and extracting data from it. This can be devastating if the computer belongs to someone with sensitive data.

Sky Work for MDM

A tool designed to do all three of the tasks is Sky Work. We have designed our product to operate on three levels:

  • Community: Our free enterprise-grade mobile device management to everyone. It’s free to use for as many people and devices you need. Sign up for it now to get a feel for how it will help your business before upgrading to Top Secret.
  • Top Secret: Our business-level option. It includes our free MDM and combines it with BlackBerry Dynamics. BlackBerry Dynamics apps are built to power secure mobile productivity for everyone in your company.
  • Ultra: An enterprise solution for companies who need absolutely secure messaging for their employees. Sky Work Ultra includes everything in Top Secret and adds Sky ECC, the most secure messaging app available to the MDM and BlackBerry Dynamics.

Each level of the product offers increasing security to users. Those in fields of slightly less security can use Community and be mostly secure, with Top Secret perhaps being used by C-level users. Those in sensitive industries, such as law, pharmaceuticals, or anything with proprietary information, will need Ultra to truly lock down their work and communications.

Multiple lines of defense protect your SMB

You can’t rely on one person, one system, or one piece of hardware or software to protect your business. Christian Slater is a showrunner and actor on the fantastic hacking-based show Mr. Robot. Watch what happens when one person tries to be in charge of an entire company’s security and the hacker who exploits that vulnerability:

This isn’t science fiction. This is completely within the realm of any advanced hacker. It isn’t as sexy as a movie about hacking with cute CGI and hackers spouting one-liners, it’s just a terminal and code combined with an exploit as simple as someone walking away from a desk. This is reality. This is how hackers exploit users and networks to steal data, money, and time from you.

Your business and its customers deserve:

  • Proper training for all employees from the bottom up
  • Software and hardware which have multiple layers of protection for your network
  • Device management which will protect individual devices against theft

These three aspects of security are the basis for any business, regardless of their industry or size. Start making your plan this Cyber Security Month before hackers start making their plan for how they will exploit your weaknesses.

Share this post: